ID

VAR-202304-0299


CVE

CVE-2023-20148


TITLE

Cross-site scripting vulnerability in multiple Cisco Systems products

Trust: 0.8

sources: JVNDB: JVNDB-2023-006809

DESCRIPTION

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient input validation by the web-based management interface. An attacker could exploit these vulnerabilities by sending crafted HTTP requests to an affected device and then persuading a user to visit specific web pages that include malicious payloads. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Cisco has not released software updates that address these vulnerabilities. RV016 Multi-WAN VPN firmware, RV042 Dual WAN VPN firmware, RV042G Dual Gigabit WAN VPN Cross-site scripting vulnerabilities exist in multiple Cisco Systems products, including firmware.Information may be obtained and information may be tampered with

Trust: 1.71

sources: NVD: CVE-2023-20148 // JVNDB: JVNDB-2023-006809 // VULMON: CVE-2023-20148

AFFECTED PRODUCTS

vendor:ciscomodel:rv082scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv325scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv042scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv016scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv320scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:rv042gscope:eqversion: -

Trust: 1.0

vendor:シスコシステムズmodel:rv042g dual gigabit wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv016 multi-wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv082 dual wan vpnscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco rv325 dual gigabit wan vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:cisco rv320 dual gigabit wan vpn ルータscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:rv042 dual wan vpnscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-006809 // NVD: CVE-2023-20148

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-20148
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2023-20148
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-20148
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202304-288
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2023-20148
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.1

Trust: 2.0

NVD: CVE-2023-20148
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-006809 // CNNVD: CNNVD-202304-288 // NVD: CVE-2023-20148 // NVD: CVE-2023-20148

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.0

problemtype:Cross-site scripting (CWE-79) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-006809 // NVD: CVE-2023-20148

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-288

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202304-288

PATCH

title:cisco-sa-rv-stored-xss-vqz7gC8Wurl:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-stored-xss-vqz7gC8W

Trust: 0.8

title:Cisco Small Business Fixes for cross-site scripting vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=233386

Trust: 0.6

title:Cisco: Cisco Small Business RV016, RV042, RV042G, RV082 , RV320, and RV325 Routers Cross-Site Scripting Vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-rv-stored-xss-vqz7gC8W

Trust: 0.1

sources: VULMON: CVE-2023-20148 // JVNDB: JVNDB-2023-006809 // CNNVD: CNNVD-202304-288

EXTERNAL IDS

db:NVDid:CVE-2023-20148

Trust: 3.3

db:JVNDBid:JVNDB-2023-006809

Trust: 0.8

db:AUSCERTid:ESB-2023.2020

Trust: 0.6

db:CNNVDid:CNNVD-202304-288

Trust: 0.6

db:VULMONid:CVE-2023-20148

Trust: 0.1

sources: VULMON: CVE-2023-20148 // JVNDB: JVNDB-2023-006809 // CNNVD: CNNVD-202304-288 // NVD: CVE-2023-20148

REFERENCES

url:https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-rv-stored-xss-vqz7gc8w

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2023-20148

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2023.2020

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2023-20148/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-20148 // JVNDB: JVNDB-2023-006809 // CNNVD: CNNVD-202304-288 // NVD: CVE-2023-20148

SOURCES

db:VULMONid:CVE-2023-20148
db:JVNDBid:JVNDB-2023-006809
db:CNNVDid:CNNVD-202304-288
db:NVDid:CVE-2023-20148

LAST UPDATE DATE

2024-08-14T13:20:53.608000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-20148date:2023-04-06T00:00:00
db:JVNDBid:JVNDB-2023-006809date:2023-11-16T05:52:00
db:CNNVDid:CNNVD-202304-288date:2023-04-14T00:00:00
db:NVDid:CVE-2023-20148date:2023-11-07T04:06:14.363

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-20148date:2023-04-05T00:00:00
db:JVNDBid:JVNDB-2023-006809date:2023-11-16T00:00:00
db:CNNVDid:CNNVD-202304-288date:2023-04-05T00:00:00
db:NVDid:CVE-2023-20148date:2023-04-05T19:15:09.220